0

How do I create a PHP script that will redirect to a custom URL when link added in the URL. For instance, when a user visits this:

http://mydomain.com/link.php?=http://www.google.com

It should redirect them instantly to google.

Ideally, is it possible to ensure that the click itself came locally?

I am aware that this is most likely a very basic PHP code but note that my knowledge of it is very limited which is restricting me from writing it.

Improve this question
0

3 Answers 3

Reset to default
2

You can use the HTTP_REFERER of $_SERVER variable to check whether it is from the local domain.

Reference: http://php.net/manual/en/reserved.variables.server.php

For redirection, try using the below

http://mydomain.com/link.php?r=http://www.google.com
header("Location:".$_GET['r']);

Reference: https://www.php.net/manual/en/function.header.php

I hope the following works for you, you can hard code the $domain variable as mydomain.com

$url = "http://www.php.net/index.html";
$domain = str_ireplace('www.', '', parse_url($url, PHP_URL_HOST));
$refDomain = str_ireplace('www.', '', parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST));

if(strcmp($domain, $refDomain) == 0)
{
     //your code goes here
     header("Location:".$_GET['r']);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Can you kindly demonstrate in your code how I would use the HTTP_REFERER of $_SERVER variable?
changing the referer value in $_SERVER will do nothing - it's the client's browser that'll go fetch the specified url, and the referer will be YOUR site. You cannot change this.
@MarcB, he needs to ensure that the url is navigated from the same domain. so i have suggested to use the variable $_SERVER["HTTP_REFERER "] to check the referrer domain.
2 
http://mydomain.com/link.php?url=http://www.google.com

<?php
 header("Location: {$_GET['url']}");
?>

This?

Improve this answer

4 Comments

Is it possible to ensure that the click itself comes locally?
As a suggestion, you may want to encode the URL in some way to prevent people from typing what they want into the variable, then decode it when setting your header (as @MrSil's answer)
You could check to see if the referrer domain is mydomain.com
What I mean is, I want to ensure that the visitor is clicking the link within my site. I do not want other people to use my redirector externally.
0

Ok, I would like to add a complete answer here.

You could use header to send a redirect header like MrSil said,

header("Location: $url"); // will redirect to $url!

If you want to prevent other people from using your redirect script, you can do something like:

$ref = $_SERVER['HTTP_REFERER'];
$host = parse_url($ref, PHP_URL_HOST);
if($host !== "mydomain.com"){
  // out side request
}

But then, HTTP_REFERER can be easily spoofed. So, what would be a better check?

CSRF Protection. It might look like overkill, and it is also not the perfect way to do this stuff, but it helps.

Also, I don't think a perfect solution exists.

Read this for further info about CSRF.

Improve this answer

2 Comments

This is an excellent answer. Out of curiosity, how can this script be spoofed?
Also, can you please add the header redirect code in there as well so that I can accept this answer as correct. Sorry if I am confused but I cannot see where the $_GET['url' part is...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.